← Back to Skills Marketplace
ansonfreeman

Hostex

by Anson · GitHub ↗ · v0.1.1
cross-platform ⚠ suspicious
1806
Downloads
1
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install hostex
Description
Hostex (hostex.io) OpenAPI v3.0 skill for querying and managing vacation rental properties, room types, reservations, availability, listing calendars, guest messaging, reviews, and webhooks via the Hostex API. Use when you need to integrate with Hostex API using a Hostex PAT (Hostex-Access-Token / HostexAccessToken) or when you need safe, intent-level API calls (read-only by default, optional write operations with explicit confirmation).
README (SKILL.md)

Hostex API Skill (Node)

Auth (PAT)

  • Set env var: HOSTEX_ACCESS_TOKEN
  • Requests use header: Hostex-Access-Token: \x3CPAT>
  • OpenAPI security scheme name: HostexAccessToken

Default recommendation: use a read-only PAT.

Dates / timezone

  • All date params are YYYY-MM-DD
  • Interpret dates in property timezone (no UTC timestamps)

OpenAPI source of truth

Stable OpenAPI JSON:

Use scripts/openapi-sync.mjs to cache a local copy into references/openapi.json.

Quick commands (scripts)

All scripts expect HOSTEX_ACCESS_TOKEN.

Read-only (safe)

List properties:

node skills/hostex/scripts/hostex-read.mjs list-properties --limit 20

List reservations (by check-in range):

node skills/hostex/scripts/hostex-read.mjs list-reservations --start-check-in-date 2026-02-01 --end-check-in-date 2026-02-28 --limit 20

List reservations (by reservation code):

node skills/hostex/scripts/hostex-read.mjs list-reservations --reservation-code 0-1234567-abcdef

Get availability:

node skills/hostex/scripts/hostex-read.mjs get-availabilities --start 2026-02-10 --end 2026-02-20 --property-id 123

Writes (guarded)

Writes are disabled unless:

  • HOSTEX_ALLOW_WRITES=true

and you pass --confirm.

Send message:

HOSTEX_ALLOW_WRITES=true node skills/hostex/scripts/hostex-write.mjs send-message --conversation-id 123 --text "Hello!" --confirm

Update listing prices (single range example):

HOSTEX_ALLOW_WRITES=true node skills/hostex/scripts/hostex-write.mjs update-listing-prices \
  --channel-type airbnb \
  --listing-id 456 \
  --start 2026-02-10 \
  --end 2026-02-15 \
  --price 199 \
  --confirm

Update listing prices (multi-range in one request):

HOSTEX_ALLOW_WRITES=true node skills/hostex/scripts/hostex-write.mjs update-listing-prices \
  --channel-type booking_site \
  --listing-id 100541-10072 \
  --prices "2026-02-03..2026-02-05:599,2026-02-06..2026-02-07:699,2026-02-08..2026-02-09:599" \
  --confirm

Create reservation (Direct Booking) (example):

HOSTEX_ALLOW_WRITES=true node skills/hostex/scripts/hostex-write.mjs create-reservation \
  --property-id 123 \
  --custom-channel-id 77 \
  --check-in-date 2026-02-10 \
  --check-out-date 2026-02-12 \
  --guest-name "Alice" \
  --currency USD \
  --rate-amount 200 \
  --commission-amount 0 \
  --received-amount 200 \
  --income-method-id 3 \
  --confirm

Update property availabilities (close/open) (example):

# Close a property for a date range
HOSTEX_ALLOW_WRITES=true node skills/hostex/scripts/hostex-write.mjs update-availabilities \
  --property-ids "11322075" \
  --available false \
  --start-date 2026-02-03 \
  --end-date 2027-02-02 \
  --confirm

Operational guardrails (mandatory)

When doing any write operation:

  1. Summarize the change (who/what/when/how much).
  2. Require the user to explicitly confirm (e.g. CONFIRM).
  3. Prefer --dry-run first if available.

Notes

  • Pagination: endpoints commonly accept offset + limit (limit max 100).
  • Never print tokens in logs; scripts redact secrets automatically.
Usage Guidance
This package appears to be a straightforward Hostex API client (read operations by default, write operations require HOSTEX_ALLOW_WRITES=true and --confirm). However: 1) the registry metadata claims no required credentials even though the SKILL.md and scripts require HOSTEX_ACCESS_TOKEN (and optionally HOSTEX_ALLOW_WRITES and HOSTEX_BASE_URL) — treat this as a red flag and verify the publisher before supplying credentials; 2) prefer creating and using a read-only Hostex PAT; 3) if you run the included scripts, run them in an isolated environment and check what they log (the code redacts tokens but error objects may include redacted token snippets); 4) enabling HOSTEX_ALLOW_WRITES grants the skill the ability to make changes — require staged tests and manual confirmation; 5) verify hostex.io and the unknown skill source (no homepage) to ensure you're not giving credentials to a malicious or typo-squatted endpoint. If you want higher assurance, ask the publisher to correct the registry metadata to declare HOSTEX_ACCESS_TOKEN as the primary credential and provide a verifiable source/homepage.
Capability Analysis
Type: OpenClaw Skill Name: hostex Version: 0.1.1 The skill bundle is designed for legitimate interaction with the Hostex API, providing both read and guarded write operations. Key security indicators include explicit 'Operational guardrails' in SKILL.md instructing the AI agent to summarize changes and require user confirmation for write operations, and the `scripts/hostex-write.mjs` code enforces these by checking `HOSTEX_ALLOW_WRITES=true` and a `--confirm` flag. The `scripts/hostex-client.mjs` file also includes `redactSecret` for token handling in logs. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or obfuscation. The `openapi-sync.mjs` script fetches the OpenAPI spec from a legitimate Hostex domain (hostex.io) for local caching.
Capability Assessment
Purpose & Capability
Name/description, OpenAPI file, and scripts consistently implement a Hostex API client (read and guarded write operations). However the registry metadata lists no required credentials while the SKILL.md and scripts require HOSTEX_ACCESS_TOKEN (and optionally HOSTEX_ALLOW_WRITES/HOSTEX_BASE_URL). This metadata mismatch is unexpected.
Instruction Scope
SKILL.md and the scripts restrict actions to the Hostex API and local OpenAPI caching; write operations are gated by an environment flag and explicit --confirm flow. There are no instructions to read unrelated files or exfiltrate data to third-party endpoints.
Install Mechanism
No install spec (instruction-only). Scripts are included in the bundle but there is no download-from-URL or third-party package installation. Risk from install mechanism is low.
Credentials
The skill legitimately requires an API token (HOSTEX_ACCESS_TOKEN) and optionally HOSTEX_ALLOW_WRITES and HOSTEX_BASE_URL, but the registry metadata declares no required env vars or primary credential. Requesting a Hostex PAT is proportional for the stated purpose, but the omission from metadata is an incoherence that should be resolved before granting credentials.
Persistence & Privilege
always is false and the skill does not request automatic persistent privileges or modify other skills. The openapi-sync script writes a local openapi.json copy under skills/hostex/references, which is reasonable for caching but worth noting.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install hostex
  3. After installation, invoke the skill by name or use /hostex
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.1
- Added support and documentation for updating listing prices with multiple date/price ranges in a single request. - Added support and example for updating property availabilities (close/open) via the script interface.
v0.1.0
Initial release of Hostex skill for managing vacation rental operations via Hostex API. - Supports querying and managing properties, room types, reservations, availability, calendars, guest messaging, reviews, and webhooks. - Utilizes Hostex Personal Access Token (PAT) authentication with read-only by default for safety. - Read and write operations available via Node scripts; write operations require explicit confirmation and an environment guard. - Dates are handled in property timezone using `YYYY-MM-DD` format. - Operational guardrails enforce summarization and explicit confirmation for any API changes. - Pagination and token security are built in; secrets are never printed in logs.
Metadata
Slug hostex
Version 0.1.1
License
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is Hostex?

Hostex (hostex.io) OpenAPI v3.0 skill for querying and managing vacation rental properties, room types, reservations, availability, listing calendars, guest messaging, reviews, and webhooks via the Hostex API. Use when you need to integrate with Hostex API using a Hostex PAT (Hostex-Access-Token / HostexAccessToken) or when you need safe, intent-level API calls (read-only by default, optional write operations with explicit confirmation). It is an AI Agent Skill for Claude Code / OpenClaw, with 1806 downloads so far.

How do I install Hostex?

Run "/install hostex" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Hostex free?

Yes, Hostex is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Hostex support?

Hostex is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Hostex?

It is built and maintained by Anson (@ansonfreeman); the current version is v0.1.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments